I moved away from SWATCH quite some time ago as it was always crashing.

SEC, simple event correlator may be better, and it uses perl regular
expressions.

http://kodu.neti.ee/~risto/sec/

- Reynold

Isaac Perez Moncho wrote:
> Hello,
> I just installed swatch, and used this configuration file for the
> checks:
> http://www.loganalysis.org/sections/signatures/log-swatch-skendrick.txt
>
> Anyone knows any other common phrase or word that I should find the logs
> for hardware and system errors?
> Or what you consider important to monitor in the logs?
> Thanks
>